<?php
/*
admin is allowed everywhere

admin module
    user 'monzee', even though he's not an admin, is allowed at index/*

default module
    guest (i.e. everyone) is allowed at index/*

blog module
    member is allowed at comments/* except
        comments/edit
        comments/delete
    moderator is allowed at pages where member is allowed, plus
        comments/edit
        comments/delete
    author is allowed at at pages where member is allowed, plus
        posts/* except
            post/edit
            post/delete
    editor is allowed at pages where moderator AND author are allowed, plus
        posts/edit
        posts/delete

*/
return array(
    array(
        'resource_id' => null,
        'role_id'     => 'admin', // Administrator
        'privilege'   => null,
        'allowed'     => true,
    ),
    array(
        'resource_id' => 'admin/index',
        'role_id'     => Admin_Helper_AccessManager::usernameAsRole('monzee'),
        'privilege'   => null,
        'allowed'     => true,
    ),
    array(
        'resource_id' => 'default/index',
        'role_id'     => 'guest',
        'privilege'   => null,
        'allowed'     => true,
    ),
    array(
        'resource_id' => 'blog/posts',
        'role_id'     => 'author', // Author
        'privilege'   => null,
        'allowed'     => true,
    ),
    array(
        'resource_id' => 'blog/posts',
        'role_id'     => 'author', // Author
        'privilege'   => 'delete',
        'allowed'     => false,
    ),
    array(
        'resource_id' => 'blog/posts',
        'role_id'     => 'editor', // Editor
        'privilege'   => 'delete',
        'allowed'     => true,
    ),
    array(
        'resource_id' => 'blog/comments',
        'role_id'     => 'member', // Member
        'privilege'   => null,
        'allowed'     => true,
    ),
    array(
        'resource_id' => 'blog/comments',
        'role_id'     => 'member', // Member
        'privilege'   => 'edit',
        'allowed'     => false,
    ),
    array(
        'resource_id' => 'blog/comments',
        'role_id'     => 'member', // Member
        'privilege'   => 'delete',
        'allowed'     => false,
    ),
    array(
        'resource_id' => 'blog/comments',
        'role_id'     => 'mod', // Moderator
        'privilege'   => 'edit',
        'allowed'     => true,
    ),
    array(
        'resource_id' => 'blog/comments',
        'role_id'     => 'mod', // Moderator
        'privilege'   => 'delete',
        'allowed'     => true,
    ),
);